Not able to import aws.directconnect.GatewayAssociation

[dennispan]

What happened?

We are looking to import an existing gateway association (GatewayAssociation), and the related gateway association proposal (GatewayAssociationProposal). But importing GatewayAssociation keeps failing with this error:

    error: aws:directconnect/gatewayAssociation:GatewayAssociation resource 'megaport-dx-association-dev' has a problem: Conflicting configuration arguments: "proposal_id": conflicts with associated_gateway_id. Examine values at 'megaport-dx-association-dev.proposalId'.
    error: aws:directconnect/gatewayAssociation:GatewayAssociation resource 'megaport-dx-association-dev' has a problem: Conflicting configuration arguments: "associated_gateway_id": conflicts with proposal_id. Examine values at 'megaport-dx-association-dev.associatedGatewayId'.
    error: Preview failed: one or more inputs failed to validate

Example

This is the code:

        dx_gateway_association_proposal = aws.directconnect.GatewayAssociationProposal(
            f"megaport-vif-dx-association-proposal-{stack}",
            allowed_prefixes=self._virtual_private_gateway_inputs["allowed_prefixes"],
            associated_gateway_id=vpn_gateway.id,
            dx_gateway_owner_account_id=dx_gateway_account["id"],
            dx_gateway_id=dx_gateway_id,
            opts=pulumi.ResourceOptions(provider=self._provider, import_="474b56b8-3b67-479a-a8ea-5d1f438cd1c7/a6bc7776-5f1f-4281-9362-304f8fe6e62e/vgw-0b354349991d9736c"),
        )

        dx_gateway_association_proposal.id.apply(lambda proposal_id: pulumi.info(f"dx_gateway_association_proposal.id: {proposal_id}"))
        management_provider = provider.get_provider(Account.MANAGEMENT)
        dx_gateway_association = aws.directconnect.GatewayAssociation(
            f"megaport-dx-association-{stack}",
            proposal_id=dx_gateway_association_proposal.id,
            allowed_prefixes=self._virtual_private_gateway_inputs["allowed_prefixes"],
            associated_gateway_id=vpn_gateway.id,
            dx_gateway_id=dx_gateway_id,
            opts=pulumi.ResourceOptions(provider=management_provider, import_="a6bc7776-5f1f-4281-9362-304f8fe6e62e/vgw-0b354349991d9736c"),
        )

I double checked the proposal id 474b56b8-3b67-479a-a8ea-5d1f438cd1c7 is correct. Also checked the direct connect and virtual gateway id.

Output of pulumi about

CLI          
Version      3.104.2
Go Version   go1.21.6
Go Compiler  gc

Plugins
NAME    VERSION
aws     6.12.1
python  unknown

Host     
OS       darwin
Version  14.3.1
Arch     arm64

This project is written in python: executable='.../python3' version='3.11.6'

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/...
User           ...
Organizations  ...
Token type     personal

Dependencies:
NAME        VERSION
pip         23.3.1
pre-commit  3.5.0
pulumi-aws  6.12.1
ruff        0.1.6
wheel       0.42.0
yamllint    1.33.0

Pulumi locates its logs in /var/folders/bv/wvr03yvs2jg0100ny2wk33r00000gp/T/ by default
warning: Failed to get information about the current stack: No current stack

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[VenelinMartinov]

Hi @dennispan, sorry you are having this issue.

It looks like the generated code for the import is not quite right - the resource accepts only one of proposal_id and associated_gateway_id - you can try deleting one of the two parameters to unblock your workflow. Looking at the docs, it seems that proposal_id is for cross-account associations and associated_gateway_id for single account ones.

LMK if you are still having issues after doing that!

[dennispan]

Thanks @VenelinMartinov ! That's a great tip. Indeed we are making some progress, but still getting error. We manually imported the GatewayAssociationProposal, and want to use the code to import GatewayAssociation. However, it is still reporting error with this code:

        Output.all(
            vpn_gateway_id=vpn_gateway.id,
            proposal_id=dx_gateway_association_proposal.id,
        ).apply(
            lambda args: aws.directconnect.GatewayAssociation(
                f"megaport-dx-association-{stack}",
                dx_gateway_id=dx_gateway_id,
                # Use either associated_gateway_id or proposal_id but not both
                # `associated_gateway_id` is for single account association
                # `proposal_id` is for cross account association
                proposal_id=args["proposal_id"],
                associated_gateway_owner_account_id="<aws-account-id>",
                allowed_prefixes=self._virtual_private_gateway_inputs[
                    "allowed_prefixes"
                ],
                opts=pulumi.ResourceOptions(
                    provider=management_provider,
                    import_=f"{dx_gateway_id}/{args['vpn_gateway_id']}",
                ),
            )
        )

Here's the error when I run pulumi preview

     Type                                     Name                         Plan       Info
     pulumi:pulumi:Stack                      network-dev                             1 message
 ~   ├─ pulumi:providers:aws                  workload-dev                 update     [diff: ~assumeRole,version]
 ~   ├─ pulumi:providers:aws                  management                   update     [diff: ~assumeRole,version]
 =   └─ aws:directconnect:GatewayAssociation  megaport-dx-association-dev  import     [diff: +proposalId~associatedGatewayOwnerAccountId]; 1 warning

Diagnostics:
  pulumi:pulumi:Stack (network-dev):
    proposal.id: 474b56b8-3b67-479a-a8ea-5d1f438cd1c7

  aws:directconnect:GatewayAssociation (megaport-dx-association-dev):
    warning: inputs to import do not match the existing resource; importing this resource will fail

I double checked the account id etc. and they are correct. Is there debug log that can be used to see what Pulumi thinks doesn't match the existing resource?

[VenelinMartinov]

Hi @dennispan, from the output there:

 =   └─ aws:directconnect:GatewayAssociation  megaport-dx-association-dev  import     [diff: +proposalId~associatedGatewayOwnerAccountId]; 1 warning

It looks like the resource should not have proposalId and the associatedGatewayOwnerAccountId is different.

+proposalId means the property was added. ~associatedGatewayOwnerAccountId means this one was changed.

How are you importing the resource? Doesn't pulumi print code for you with the right properties when you do pulumi import ...?

EDIT: My bad, I see now you are using the import resource option - this one is a bit more finicky as you have to manually match the inputs - perhaps try with pulumi import - that should generate the right code for you. Does that not work for your usecase?

Instructions for the GatewayAssociation resource are here: https://www.pulumi.com/registry/packages/aws/api-docs/directconnect/gatewayassociation/#import

[flostadler]

Hey @dennispan, we recently released changes that should improve warnings on imports as part of release v6.36.0. Could you please have another try with that version? Thanks!

[dennispan]

Thanks @flostadler ! So far so good after upgraded to the version
Never mind. I was referring to a different issue. Still need to test this with the new version

[dennispan]

I just tried to run the same import but unfortunately I am not able to get back to the previous state and let the same warning message to show up. We can close this and I will for sure report back if something similar happens